Report the use of components with vulnerabilities in k8sgpt
Closed this issue · 1 comments
Checklist
- I've searched for similar issues and couldn't find anything matching
- I've discussed this feature request in the K8sGPT Slack and got positive feedback
Is this feature request related to a problem?
None
Problem Description
Dear Team Members:
Greetings! Our team is very interested in your project. we performed source code perspective security analysis (SCA) and vulnerability library association analysis on this project and found that components with vulnerabilities are still being used into this project.We would like to report this issue to you,so that you can fix and improve it accordingly. I add the details in json file below. Please confirm whether this problem really exists and confirm with us. Looking forward to hearing from you and discussing more details with us, thank you very much for your time and attention.
Note: Each "affect_components" field in the report represents the vulnerable component introduced by this project. The other is the vulnerability information associated with it.
Qiyu Hou
Solution Description
None
Benefits
None
Potential Drawbacks
None
Additional Information
None
Hello,
We now actively publish security advisories for components that have CVE risk.
Please see here